Commit

Merge pull request #2235 from hhiroshell/fix-pack-2111-1
Add a helper script for testing GitHub Actions on forked repositories
natalieparellano authored Jul 29, 2024
2 parents 2aa2cf5 + c45a96c commit 3902749
Showing 3 changed files with 103 additions and 2 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/delivery-docker.yml
Expand Up @@ -16,8 +16,9 @@ on:
default: false

env:
REGISTRY_NAME: 'index.docker.io'
USER_NAME: 'buildpacksio'
IMG_NAME: 'pack'
USERNAME: 'buildpacksio'

jobs:
deliver-docker:
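
Review bot: The new `REGISTRY_NAME` and `USER_NAME` entries under `env:` are matched literally, quotes included, by the sed expressions in `tools/test-fork.sh` added in this same commit, but nothing in the workflow says so. Add a comment above them noting that the key names and single-quoted values are rewritten by that script, so a later rename or a change of quoting does not silently stop the fork setup from taking effect.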
Expand Down Expand Up @@ -52,7 +53,7 @@ jobs:
with:
ref: v${{ steps.version.outputs.result }}
- name: Determine App Name
run: 'echo "IMG_NAME=${{ env.USERNAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
run: 'echo "IMG_NAME=${{ env.REGISTRY_NAME }}/${{ env.USER_NAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
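
Review bot: In the `Determine App Name` step, `IMG_NAME` is read as `${{ env.IMG_NAME }}` and then written back to `$GITHUB_ENV` under the same name, so it holds `pack` before this step and the full `registry/user/pack` reference after it. Consider writing the result to a separate variable, so that a step moved above or below this one cannot pick up the wrong form of the name.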
23 changes: 23 additions & 0 deletions DEVELOPMENT.md
Expand Up @@ -26,6 +26,29 @@ Alternatively, you can use Gitpod to run pre-configured dev environment in the c

* Symlinks - Some of our tests attempt to create symlinks. On Windows, this requires the [permission to be provided](https://stackoverflow.com/a/24353758).

### Testing GitHub actions on forks

The pack release process involves chaining a series of GitHub actions together, such as:
* The "build" workflow, which creates:
* .tgz files containing the pack binaries and shasums for the .tgz files
* a draft release with the above artifacts
* The "delivery-docker" workflow, which builds and pushes OCI images containing the pack binary
* The "benchmark" workflow, which runs performance checks for each commit and uploads reports to GitHub Pages

It can be rather cumbersome to test changes to these workflows, as they are heavily intertwined. Thus, we recommend forking the buildpacks/pack repository on GitHub and running through the entire release process end-to-end.

For the fork, it is necessary to complete the following preparations:

* Add the following secrets:
* `DOCKER_PASSWORD` for the delivery-docker workflow, if not using ghcr.io
* `DOCKER_USERNAME` for the delivery-docker workflow, if not using ghcr.io
* `DEPLOY_KEY` for the release-merge workflow, as a SSH private key for repository access
* Enable the issues feature on the repository and create `status/triage` and `type/bug` labels for the check-latest-release workflow
* Create a branch named `gh-pages` for uploading benchmark reports for the benchmark workflow

The `tools/test-fork.sh` script can be used to update the source code to reflect the state of the fork and disable workflows that should not run on the fork repository.
It can be invoked like so: `./tools/test-fork.sh <registry repo name>`

## Tasks

### Building
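
Review bot: The invocation line `./tools/test-fork.sh <registry repo name>` does not say what form the argument takes. From the script it is either `<user>/pack` (Docker Hub is assumed) or `<registry>/<user>/pack`, and any repo name other than `pack` exits with an error; please spell that out here with one example of each form. It is also worth stating that the script renames and edits files under `.github/workflows` in place, so the result belongs on a test branch of the fork and should not end up in a pull request back to buildpacks/pack.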
77 changes: 77 additions & 0 deletions tools/test-fork.sh
@@ -0,0 +1,77 @@
#!/usr/bin/env bash

readonly wfdir=".github/workflows"

# $1 - registry repo name

echo "Parse registry: $1"
firstPart=$(echo "$1" | cut -d/ -f1)
secondPart=$(echo "$1" | cut -d/ -f2)
thirdPart=$(echo "$1" | cut -d/ -f3)

registry=""
username=""
reponame=""
if [[ -z $thirdPart ]]; then # assume Docker Hub
registry="index.docker.io"
username=$firstPart
reponame=$secondPart
else
registry=$firstPart
username=$secondPart
reponame=$thirdPart
fi

echo "Using registry $registry and username $username"
if [[ $reponame != "pack" ]]; then
echo "Repo name must be 'pack'"
exit 1
fi

echo "Disabling workflows that should not run on the forked repository"
disable=(
delivery-archlinux-git.yml
delivery-archlinux.yml
delivery-chocolatey.yml
delivery-homebrew.yml
delivery-release-dispatch.yml
delivery-ubuntu.yml
privileged-pr-process.yml
)
for d in "${disable[@]}"; do
if [ -e "$wfdir/$d" ]; then
mv "$wfdir/$d" "$wfdir/$d.disabled"
fi
done

echo "Removing upstream maintainers from the benchmark alert CC"
sed -i '' "/alert-comment-cc-users:/d" $wfdir/benchmark.yml

echo "Removing the architectures that require self-hosted runner from the build strategies."
sed -i '' "/config: \[.*\]/ s/windows-lcow, //g" $wfdir/build.yml
sed -i '' "/- config: windows-lcow/,+4d" $wfdir/build.yml

echo "Replacing the registry account with owned one (assumes DOCKER_PASSWORD and DOCKER_USERNAME have been added to GitHub secrets, if not using ghcr.io)"
sed -i '' "s/buildpacksio\/pack/$registry\/$username\/$reponame/g" $wfdir/check-latest-release.yml
sed -i '' "/REPO_NAME: 'index.docker.io'/ s/index.docker.io/$registry/g" $wfdir/delivery-docker.yml
sed -i '' "/USER_NAME: 'buildpacksio'/ s/buildpacksio/$username/g" $wfdir/delivery-docker.yml

if [[ $registry != "index.docker.io" ]]; then
echo "Updating login action to specify the registry"
sed -i '' "s/username: \${{ secrets.DOCKER_USERNAME }}/registry: $registry\n username: $username/g" $wfdir/delivery-docker.yml
fi

if [[ $registry == *"ghcr.io"* ]]; then
echo "Updating login action to use GitHub token for ghcr.io"
sed -i '' "s/secrets.DOCKER_PASSWORD/secrets.GITHUB_TOKEN/g" $wfdir/delivery-docker.yml

echo "Adding workflow permissions to push images to ghcr.io"
LF=$'\n'
sed -i '' "/runs-on: ubuntu-latest/ a\\
permissions:\\
contents: read\\
packages: write\\
attestations: write\\
id-token: write${LF}" $wfdir/delivery-docker.yml
LF=""
fi
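
Review bot: The registry substitution for `delivery-docker.yml` addresses `REPO_NAME: 'index.docker.io'`, but the key added to that workflow in this commit is `REGISTRY_NAME: 'index.docker.io'`, so the pattern never matches and the image name keeps `index.docker.io` even when another registry such as ghcr.io is passed, while the login step is pointed at the new registry. Change the address to `/REGISTRY_NAME: 'index.docker.io'/`. Separately, every call uses `sed -i ''`, which is the BSD/macOS form; GNU sed takes the empty string as the script and the expression as a file name, so none of the edits are applied on Linux. Either document the macOS requirement or pass a backup suffix attached to `-i` (for example `-i.bak`) and delete the backups afterwards, which works with both.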
